If insurance could ever have a wild, wild West, it is experiencing one right now in the field of cyber coverage. Technology has winged all business into a maze of new situations and risks, very few of which were even imagined by the hidebound architects of today’s boilerplate insurance policies. Does your policy repay the cost of computer crashes, or delays? Think your theft clause covers identity theft? Think again.
To examine the new insurance needs and help business owners realize what they and attorneys need to request, the New Jersey Institute for Continuing Legal Education is presenting “Dealing with Cyber Risk and Cyber Insurance” on Wednesday, July 30, at 1 p.m. at the New Jersey Law Center in New Brunswick. Cost: $169. Visit www.njicle.com.
Speakers include attorneys Robert Chesler and Mary Hildebrand from Roseland-based Lowenstein Sandler; Christopher Keegan, senior vice-president, Wills National Resource E&O and eRisks; Karen Moriarty of Coughlin Duffy, in Morristown; and Ken Phelan of the Gotham Technology Group in Montvale.
As an attorney, Chesler has spent his career in the forefront of hot insurance topics. A native of Brooklyn, Chesler grew up in a family in which his parents were the first to obtain a high school degree. Chesler earned a bachelor’s in history from Rutgers in 1973. He then earned a Ph.D. in history from Princeton.
But he had second thoughts. “I looked over the job market and decided law would be a better bet,” he says. Upon earning his law degree from Harvard, Chesler spent one year on his own, then joined up with Lowenstein Sandler in l984. Here he began helping clients design environmental policies when they were first being envisioned. “I am probably one of the longest-serving insurance attorneys in the state,” he says.
Despite business’s total dependence on the computer, it is surprising how few people think of getting any coverage for this precarious, yet valuable lynchpin. “No one would think of running a business without fire insurance,” says Chesler, “and the odds of your enduring some cyber disaster are much greater and can be much more devastating.” And now is the time to grab a ground floor advantage.
The state of the art. “The truth of it is, cyber insurance is only about a year old because it is only lately people have seen the need for separate coverage,” says Chesler. Recently a client of his faced a several-hour disruption of service when a hacker broke into the company’s records. No business could be conducted and virtually no regular business policy covers such a non-physical disruption. A snapped power line is usually covered, but not this type of willful cyber vandalism. Fortunately for this client, he had taken precautions. He had figured out an approximate cost per hour of his online capability. Armed with these facts and figures, he had proved this amount to his broker, and when the disaster struck the insurance company unquestioningly paid the owner the pre-determined, guaranteed price per downtime hour.
“This is the real advantage of signing up now,” says Chesler. “Insurance companies are amazingly willing to customize your policy to suit individual needs, because there are simply not a lot of cases to have developed a formula.” This same lack of actuarial tables and core historical data has kept the premiums low. Financial institutions and retail shops, both especially vulnerable to privacy and identity theft problems, are finding the premiums very affordable. Also, in case of litigation, having the insurance provides the business owner one more demonstration that he was taking all possible precautions.
Risk assessment. Every cyber asset produces an equivalent cyber risk whose protection owners may negotiate into the final customized insurance package. Chesler suggests determining your company’s risks by first auditing your operations. Holdings often include in-house websites containing company records, external customer websites, files of individual’s records, E-mail records, and more. Then balance your current security and control over such items versus the cost if each system fails or is breached. Outsourced materials often contain some of the most precious and most vulnerable data.
“There are certain risks that are almost never protected by regular policies that definitely require cyber coverage,” says Chesler. Theft or destruction of data is a prime insurance disaster. Chesler cites one Florida firm in which a disgruntled worker, fearing termination, wiped out five years of data. Having established a restoration-cost clause in his contract, the owner was reimbursed. Intellectual property infringement presents a double-edged protection: insurance in case your intellectual property is infringed upon, or if someone claimed you infringed on theirs. As websites bloom and links proliferate, the likelihood of putting uncredited things on a site grows.
Interruption of service, by a non-physical trigger, on any part of your vital computer operations, lies within almost no ordinary business policies. The trick here is to determine the exact business loss financially for each potential incident. Also, the insurers will probably demand a reactivation plan. Privacy issues become very touchy as lists get passed without notification, and vast amounts of personal data get stored, worked, and outsourced.
Policy caveats. No matter how tightly an owner runs his business, he probably has not considered the all the potential cyber risks and outcomes of his firm’s online operations. Chesler advises having the company’s own IT specialist visit the broker. If there is no specific IT specialist, a technology-oriented attorney may suffice. Five years from now, most brokers will be thoroughly conversant in all aspects of cyber risk. But not today. There are a few specialists in a very few insurance companies who have the answers and it is worth seeking them out.
In designing your policy, Chesler warns that many of the companies offering cyber protection are overseas firms. Frequently they have a clause demanding that all litigation and arbitration be done in London or some other foreign shore. Not only is the expense of travel crushing, your odds in a foreign court are significantly slimmer.
Throughout history, every new method of transport and communication has brought an array of new risks, with the accompanying coverage trudging agonizingly behind. Uninsured automobile crashes numbered in the thousands before anyone thought these horseless carriages just might be worthy of consideration. The response time has quickened in the case of cyber coverage. And for the first time in memory, the insurance companies are letting the clients work out their own terms.